Vulnerability Details : CVE-2014-1649
Public exploit exists!
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
Products affected by CVE-2014-1649
- cpe:2.3:a:symantec:workspace_streaming:*:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:workspace_streaming:6.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:symantec:workspace_streaming:6.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:symantec:workspace_streaming:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:workspace_streaming:6.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:workspace_streaming:6.1:sp4:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1649
97.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-1649
-
Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload
Disclosure Date: 2014-05-12First seen: 2020-04-26exploit/windows/antivirus/symantec_workspace_streaming_execThis module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This module ab
CVSS scores for CVE-2014-1649
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.9
|
HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:C |
5.5
|
10.0
|
NIST |
CWE ids for CVE-2014-1649
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1649
-
http://zerodayinitiative.com/advisories/ZDI-14-127/
ZDI-14-127 | Zero Day Initiative
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00
Symantec Workspace Streaming XMLRPC Unauthenticated AccessVendor Advisory
-
http://www.exploit-db.com/exploits/33521
Symantec Workspace Streaming - Arbitrary File Upload (Metasploit) - Multiple remote Exploit
-
http://www.securityfocus.com/bid/67189
Symantec Workspace Streaming XMLRPC Unauthorized Access Vulnerability
Jump to